On 18 June 2018 at 18:07, M.-A. Lemburg <m...@egenix.com> wrote: > Overall, I think that removing repo or bpo permissions should be > kept separate from the status itself. It would probably be wise > to send around reminders to all core devs who have access and > have not used their permissions every few year. The keys of those > who don't respond could then be disabled, without affecting > anything else; and, of course, easily be reenabled if needed, > without much process either.
Aye, that's the key concept behind adding an explicit "Dormant" status for core developers - they're folks that are still trusted with core commit privileges if they choose to exercise them, but while they're not using their access, it's better to deactivate their credentials to reduce the potential for compromise. We'd add a note to the developer guide that gave instructions on how to request reactivation (likely just "Check the developer guide to ensure you're up to speed with any changes since you were last active, then past to python-committers requesting that your credentials be reactivated"). Cheers, Nick. -- Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia _______________________________________________ python-committers mailing list python-committers@python.org https://mail.python.org/mailman/listinfo/python-committers Code of Conduct: https://www.python.org/psf/codeofconduct/